Use the reporting name in Exit-variables for authorization – Addendum
This blog has been translated with Google Translate. the original blog can be found here: ekessler.de
In the block Use the reporting name in Exit-variables for authorization I have shown as the name of a report in the processing of exit variables in the context of the authorization may be used. In this block, I show what restrictions are taken into account.
The customer exit is traversed twice in the context of authorization. In the first pass the COMPID field is not yet available in the memory, and the call
returns for l_compid nothing. With the following code to ensure that all users of the report ‘ZTKE_EXIT_VAR_AUTH’ only the information on the country Germany (DE) is obtained.
DATA: TYPE l_compid rszcompid,
ls_range TYPE rrrangesid.
IMPORT FROM MEMORY ID l_compid compid = ‘COMPID’.
ls_range-sign = ‘I’.
ls_range–opt = ‘EQ’.
ls_range–low = ‘EN’.
APPEND TO ls_range c_t_range.
The first call in I_STEP = 0 still determined not COMPID and thus no value for the processed here exit variable comes back as part of the authorization. In the second call, the COMPID can be determined and the permission is restricted to DE.
The first call has the consequence that we in the execution of the report, the warning
You do nothaveanalysisauthorizationforanychar. valuesof char. 0COUNTRY
get, see Figure 2.1. the authorization
By default, the variables are determined buffered values in the context of the authorization check. To ensure that the values can be evaluated in the second pass, the buffering in the RSECADMIN (see Figure 2.1) can be switched off. This is only possible system-wide!
Figure 2.1: Variablen Pufferung deaktivieren
After the buffer was switched off, we get no warnings regarding. The lack of analysis authorization more.
Unfortunately, there is no alternative to turning off the buffer. The analysis authorization concept clearly states that an analysis of authorization should be made to the data and not the reporting object.